The growth of electronic student data in America's education system has focused attention on the ways these data are collected, processed, stored, and used. The use of records in Statewide Longitudinal Data Systems to follow the progress of individual students over time requires maintaining student education records that include information that identifies individual students. The sensitivity of some of the personally identifiable information in student records increases the level of concern over these data. Administrators and data managers can help ensure the protection of personally identifiable information in the student records they maintain by developing and implementing a privacy and data protection program. The principles embodied in the Fair Information Practices adopted in the United States by the Federal Chief Information Officers Council and the Department of Homeland Security, coupled with the Family Educational Rights and Privacy Act (FERPA) and related regulations, provide a foundation for such a program. This paper discusses the processes involved in managing a sound privacy and data protection program for student education records. (Contains 19 footnotes.) [For Technical Brief 1, "Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records", see ED513101.]